author | Paul Lawrence <paullawrence@google.com> | 2019-03-19 15:31:57 -0700 |
---|---|---|
committer | Cyril Hrubis <chrubis@suse.cz> | 2019-03-20 16:24:38 +0100 |
commit | 91242bbd2126d76bd3515163253d069ed7cd4fcd (patch) | |
tree | 5d1046be8de7bb8cdf570ca134ce3c5fd6044c72 /testcases/kernel | |
parent | 8032a1ae42afd024bd3e74984108020e7fa756e5 (diff) |
Add ltp pivot_root test
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Signed-off-by: Cyril Hrubis <chrubis@suse.cz>
Diffstat (limited to 'testcases/kernel')
-rw-r--r-- | testcases/kernel/syscalls/pivot_root/.gitignore | 1 | ||||
-rw-r--r-- | testcases/kernel/syscalls/pivot_root/Makefile | 11 | ||||
-rw-r--r-- | testcases/kernel/syscalls/pivot_root/pivot_root01.c | 191 |
3 files changed, 203 insertions, 0 deletions
diff --git a/testcases/kernel/syscalls/pivot_root/.gitignore b/testcases/kernel/syscalls/pivot_root/.gitignore
new file mode 100644
index 000000000..49b211739
--- /dev/null
+++ b/testcases/kernel/syscalls/pivot_root/.gitignore
@@ -0,0 +1 @@
+pivot_root01
diff --git a/testcases/kernel/syscalls/pivot_root/Makefile b/testcases/kernel/syscalls/pivot_root/Makefile
new file mode 100644
index 000000000..6a3810270
--- /dev/null
+++ b/testcases/kernel/syscalls/pivot_root/Makefile
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# Copyright (c) 2019 Google, Inc.
+
+top_srcdir ?= ../../../..
+
+include $(top_srcdir)/include/mk/testcases.mk
+
+LDLIBS += $(CAP_LIBS)
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/syscalls/pivot_root/pivot_root01.c b/testcases/kernel/syscalls/pivot_root/pivot_root01.c
new file mode 100644
index 000000000..eed3704ad
--- /dev/null
+++ b/testcases/kernel/syscalls/pivot_root/pivot_root01.c
@@ -0,0 +1,191 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+// Copyright (c) 2019 Google, Inc.
+
+#define _GNU_SOURCE
+
+#include "config.h"
+
+#include <errno.h>
+#include <lapi/syscalls.h>
+#include <sched.h>
+
+#include <sys/mount.h>
+#include <stdlib.h>
+
+#include "tst_test.h"
+
+#ifdef HAVE_UNSHARE
+
+#ifdef HAVE_LIBCAP
+#include <sys/capability.h>
+#endif
+
+#define CHROOT_DIR "chroot"
+#define NEW_ROOT "/new_root"
+#define PUT_OLD "/new_root/put_old"
+#define PUT_OLD_FS "/put_old_fs"
+#define PUT_OLD_BAD "/put_old_fs/put_old"
+
+enum {
+ /*
+ * Test consists of a series of steps that allow pivot_root to succeed,
+ * which is run when param is NORMAL. All other values tweak one of the
+ * steps to induce a failure, and check the errno is as expected.
+ */
+ NORMAL,
+
+ /*
+ * EBUSY
+ * new_root or put_old are on the current root file system
+ */
+ NEW_ROOT_ON_CURRENT_ROOT,
+
+ /*
+ * EINVAL
+ * put_old is not underneath new_root
+ * Note: if put_old and new_root are on the same fs,
+ * pivot_root fails with EBUSY before testing reachability
+ */
+ PUT_OLD_NOT_UNDERNEATH_NEW_ROOT,
+
+ /*
+ * ENOTDIR
+ * new_root or put_old is not a directory
+ */
+ PUT_OLD_NOT_DIR,
+
+ /*
+ * EPERM
+ * The calling process does not have the CAP_SYS_ADMIN capability.
+ */
+ NO_CAP_SYS_ADMIN,
+};
+
+static const struct test_case {
+ int test_case;
+ int expected_error;
+} test_cases[] = {
+ {NORMAL, 0},
+ {NEW_ROOT_ON_CURRENT_ROOT, EBUSY},
+ {PUT_OLD_NOT_UNDERNEATH_NEW_ROOT, EINVAL},
+ {PUT_OLD_NOT_DIR, ENOTDIR},
+ {NO_CAP_SYS_ADMIN, EPERM},
+};
+
+#ifdef HAVE_LIBCAP
+static void drop_cap_sys_admin(void)
+{
+ cap_value_t cap_value[] = { CAP_SYS_ADMIN };
+ cap_t cap = cap_get_proc();
+ if (!cap)
+ tst_brk(TBROK | TERRNO, "cap_get_proc failed");
+
+ if (cap_set_flag(cap, CAP_EFFECTIVE, 1, cap_value, CAP_CLEAR))
+ tst_brk(TBROK | TERRNO, "cap_set_flag failed");
+
+ if (cap_set_proc(cap))
+ tst_brk(TBROK | TERRNO, "cap_set_proc failed");
+}
+#endif
+
+static void run(unsigned int test_case)
+{
+ /* Work in child process - needed to undo unshare and chroot */
+ if (SAFE_FORK()) {
+ tst_reap_children();
+ return;
+ }
+
+ /* pivot_root requires no shared mounts exist in process namespace */
+ TEST(unshare(CLONE_NEWNS | CLONE_FS));
+ if (TST_RET == -1)
+ tst_brk(TFAIL | TERRNO, "unshare failed");
+
+ /*
+ * Create an initial root dir. pivot_root doesn't work if the initial root
+ * dir is a initramfs, so use chroot to create a safe environment
+ */
+ SAFE_MOUNT("none", "/", NULL, MS_REC|MS_PRIVATE, NULL);
+ SAFE_MOUNT("none", CHROOT_DIR, "tmpfs", 0, 0);
+ SAFE_CHROOT(CHROOT_DIR);
+
+ SAFE_MKDIR(NEW_ROOT, 0777);
+
+ /*
+ * pivot_root only works if new_root is a mount point, so mount a tmpfs
+ * unless testing for that fail mode
+ */
+ if (test_cases[test_case].test_case != NEW_ROOT_ON_CURRENT_ROOT)
+ SAFE_MOUNT("none", NEW_ROOT, "tmpfs", 0, 0);
+
+ /*
+ * Create put_old under new_root, unless testing for that specific fail
+ * mode
+ */
+ const char* actual_put_old = NULL;
+ if (test_cases[test_case].test_case == PUT_OLD_NOT_UNDERNEATH_NEW_ROOT) {
+ actual_put_old = PUT_OLD_BAD;
+ SAFE_MKDIR(PUT_OLD_FS, 0777);
+ SAFE_MOUNT("none", PUT_OLD_FS, "tmpfs", 0, 0);
+ SAFE_MKDIR(PUT_OLD_BAD, 0777);
+ } else {
+ actual_put_old = PUT_OLD;
+
+ if (test_cases[test_case].test_case == PUT_OLD_NOT_DIR)
+ SAFE_CREAT(PUT_OLD, 0777);
+ else
+ SAFE_MKDIR(PUT_OLD, 0777);
+ }
+
+ if (test_cases[test_case].test_case == NO_CAP_SYS_ADMIN) {
+#ifdef HAVE_LIBCAP
+ drop_cap_sys_admin();
+#else
+ tst_res(TCONF,
+ "System doesn't have POSIX capabilities support");
+ return;
+#endif
+ }
+
+ TEST(syscall(__NR_pivot_root, NEW_ROOT, actual_put_old));
+
+ if (test_cases[test_case].test_case == NORMAL) {
+ if (TST_RET)
+ tst_res(TFAIL | TERRNO, "pivot_root failed");
+ else
+ tst_res(TPASS, "pivot_root succeeded");
+
+ return;
+ }
+
+ if (TST_RET == 0) {
+ tst_res(TFAIL, "pivot_root succeeded unexpectedly");
+ return;
+ }
+
+ if (errno != test_cases[test_case].expected_error) {
+ tst_res(TFAIL | TERRNO, "pivot_root failed with wrong errno");
+ return;
+ }
+
+ tst_res(TPASS | TERRNO, "pivot_root failed as expectedly");
+}
+
+static void setup(void)
+{
+ SAFE_MKDIR(CHROOT_DIR, 0777);
+}
+
+static struct tst_test test = {
+ .test = run,
+ .tcnt = ARRAY_SIZE(test_cases),
+ .needs_tmpdir = 1,
+ .needs_root = 1,
+ .forks_child = 1,
+ .setup = setup,
+};
+
+#else
+ TST_TEST_TCONF("unshare is undefined.");
+#endif |
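Review bot: The verdict after `TEST(syscall(__NR_pivot_root, NEW_ROOT, actual_put_old))` in `run()` is taken from the live `errno` and printed with `TERRNO`, although LTP's `TEST()` captures the result in `TST_RET`/`TST_ERR`; comparing `TST_ERR != test_cases[test_case].expected_error` and reporting with `TTERRNO` ties the result to the value saved at the syscall, so a later library call cannot alter it. In `drop_cap_sys_admin()` the handle returned by `cap_get_proc()` is never released with `cap_free(cap)`, and only `CAP_EFFECTIVE` is cleared, so the EPERM case checks the effective set while `CAP_SYS_ADMIN` remains in the permitted set; a short comment such as `/* only the effective set is cleared; that is what pivot_root checks */` would record that this is intended. The unshare failure is a setup problem rather than a pivot_root failure, so `tst_brk(TBROK | TERRNO, "unshare failed")` describes it better than `TFAIL`. The last message should read `"pivot_root failed as expected"`.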